Greenhouse.io: Cache poisoning using NULL bytes and long URLs
This is related to a previous report I made https://hackerone.com/reports/326639. The same endpoint https://boards.greenhouse.io/embed/jobboard/js?for= is still vulnerable to arbitrary string injection, by terminating the customer key in the for parameter with a URL-encoded NULL byte i.e. %00,...